1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * A security context is a set of security attributes |
4 | * associated with each subject and object controlled |
5 | * by the security policy. Security contexts are |
6 | * externally represented as variable-length strings |
7 | * that can be interpreted by a user or application |
8 | * with an understanding of the security policy. |
9 | * Internally, the security server uses a simple |
10 | * structure. This structure is private to the |
11 | * security server and can be changed without affecting |
12 | * clients of the security server. |
13 | * |
14 | * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> |
15 | */ |
16 | #ifndef _SS_CONTEXT_H_ |
17 | #define _SS_CONTEXT_H_ |
18 | |
19 | #include "ebitmap.h" |
20 | #include "mls_types.h" |
21 | #include "security.h" |
22 | |
23 | /* |
24 | * A security context consists of an authenticated user |
25 | * identity, a role, a type and a MLS range. |
26 | */ |
struct context {
	u32 user;		/* authenticated user identity */
	u32 role;		/* role */
	u32 type;		/* type */
	u32 len;		/* length of string in bytes; 0 whenever str is NULL */
	struct mls_range range;	/* MLS range: level[0] is the low level, level[1] the high */
	char *str;		/* string representation if context cannot be mapped;
				 * owned by this struct (context_cpy() duplicates it,
				 * context_destroy() frees it). context_cmp() relies on
				 * str being non-NULL whenever len != 0. */
};
35 | |
/*
 * Resets only the MLS range of 'c' to all-zero; user/role/type/str/len
 * are left untouched.
 */
static inline void mls_context_init(struct context *c)
{
	struct mls_range *r = &c->range;

	memset(r, 0, sizeof(*r));
}
40 | |
/*
 * Copies the MLS range of 'src' (both levels) into 'dst'.
 *
 * Returns 0 on success or the error from ebitmap_cpy(). If copying the
 * high level fails, the categories already copied into level[0] of 'dst'
 * are released again.
 */
static inline int mls_context_cpy(struct context *dst, const struct context *src)
{
	int rc = 0;
	int i;

	for (i = 0; i < 2; i++) {
		dst->range.level[i].sens = src->range.level[i].sens;
		rc = ebitmap_cpy(&dst->range.level[i].cat, &src->range.level[i].cat);
		if (rc)
			break;
	}
	/* A failure on level[1] leaves a fully copied level[0] to undo. */
	if (rc && i == 1)
		ebitmap_destroy(&dst->range.level[0].cat);

	return rc;
}
57 | |
/*
 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
 *
 * Returns 0 on success or the error from ebitmap_cpy(). If filling the
 * high level fails, the categories already copied into level[0] of 'dst'
 * are released again.
 */
static inline int mls_context_cpy_low(struct context *dst, const struct context *src)
{
	int rc = 0;
	int i;

	/* Both destination levels are taken from src's low level (index 0). */
	for (i = 0; i < 2; i++) {
		dst->range.level[i].sens = src->range.level[0].sens;
		rc = ebitmap_cpy(&dst->range.level[i].cat, &src->range.level[0].cat);
		if (rc)
			break;
	}
	if (rc && i == 1)
		ebitmap_destroy(&dst->range.level[0].cat);

	return rc;
}
77 | |
/*
 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
 *
 * Returns 0 on success or the error from ebitmap_cpy(). If filling the
 * high level fails, the categories already copied into level[0] of 'dst'
 * are released again.
 */
static inline int mls_context_cpy_high(struct context *dst, const struct context *src)
{
	int rc = 0;
	int i;

	/* Both destination levels are taken from src's high level (index 1). */
	for (i = 0; i < 2; i++) {
		dst->range.level[i].sens = src->range.level[1].sens;
		rc = ebitmap_cpy(&dst->range.level[i].cat, &src->range.level[1].cat);
		if (rc)
			break;
	}
	if (rc && i == 1)
		ebitmap_destroy(&dst->range.level[0].cat);

	return rc;
}
97 | |
98 | |
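/*
 * Builds into 'dst' the MLS range bounded by both 'c1' and 'c2': the low
 * level takes the greater of the two low sensitivities, the high level the
 * lesser of the two high sensitivities, and each level's categories are
 * ebitmap_and() of the corresponding source categories.
 *
 * Returns 0 on success, -EINVAL when the two sensitivity ranges do not
 * overlap, or the error from ebitmap_and(). On an ebitmap_and() failure
 * whatever was built so far stays in 'dst'.
 * NOTE(review): unlike mls_context_cpy(), level[0].cat is not released
 * here when the level[1] step fails — confirm callers context_destroy()
 * 'dst' on error.
 */
static inline int mls_context_glblub(struct context *dst,
				     const struct context *c1, const struct context *c2)
{
	struct mls_range *dr = &dst->range;
	const struct mls_range *r1 = &c1->range, *r2 = &c2->range;
	int rc;

	if (r1->level[1].sens < r2->level[0].sens ||
	    r2->level[1].sens < r1->level[0].sens)
		/* These ranges have no common sensitivities */
		return -EINVAL;

	/* Take the greatest of the low */
	dr->level[0].sens = max(r1->level[0].sens, r2->level[0].sens);

	/* Take the least of the high */
	dr->level[1].sens = min(r1->level[1].sens, r2->level[1].sens);

	rc = ebitmap_and(&dr->level[0].cat,
			 &r1->level[0].cat, &r2->level[0].cat);
	if (rc)
		return rc;

	/*
	 * The result of the last step is the function's result; the former
	 * "if (rc) goto out;" before the label was a redundant branch.
	 */
	return ebitmap_and(&dr->level[1].cat,
			   &r1->level[1].cat, &r2->level[1].cat);
}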
130 | |
/*
 * Returns 1 when the MLS ranges of 'c1' and 'c2' are equal (same
 * sensitivity and equal category bitmaps at both levels), else 0.
 */
static inline int mls_context_cmp(const struct context *c1, const struct context *c2)
{
	int i;

	for (i = 0; i < 2; i++) {
		if (c1->range.level[i].sens != c2->range.level[i].sens)
			return 0;
		if (!ebitmap_cmp(&c1->range.level[i].cat, &c2->range.level[i].cat))
			return 0;
	}
	return 1;
}
138 | |
/*
 * Releases the category bitmaps of both MLS levels of 'c' and zeroes
 * the range afterwards.
 */
static inline void mls_context_destroy(struct context *c)
{
	int i;

	for (i = 0; i < 2; i++)
		ebitmap_destroy(&c->range.level[i].cat);
	mls_context_init(c);
}
145 | |
/*
 * Zeroes every field of 'c' (ids, MLS range, str pointer and len).
 */
static inline void context_init(struct context *c)
{
	memset(c, 0, sizeof *c);
}
150 | |
/*
 * Deep-copies 'src' into 'dst': the user/role/type ids, a freshly
 * allocated duplicate of the fallback string (if any) together with its
 * cached length, and the MLS range.
 *
 * Returns 0 on success, -ENOMEM if the string cannot be duplicated, or the
 * error from mls_context_cpy(); in the latter case the duplicated string is
 * freed again so 'dst' holds no allocation. 'dst' owns the string copy.
 */
static inline int context_cpy(struct context *dst, const struct context *src)
{
	int rc;

	dst->type = src->type;
	dst->role = src->role;
	dst->user = src->user;

	if (!src->str) {
		/* Mapped context: no fallback string to carry over. */
		dst->str = NULL;
		dst->len = 0;
	} else {
		/* Unmapped context: duplicate the string and its length. */
		dst->str = kstrdup(src->str, GFP_ATOMIC);
		if (!dst->str)
			return -ENOMEM;
		dst->len = src->len;
	}

	rc = mls_context_cpy(dst, src);
	if (rc)
		goto undo_str;
	return 0;

undo_str:
	/* Do not leave a dangling string behind a failed MLS copy. */
	kfree(dst->str);
	dst->str = NULL;
	dst->len = 0;
	return rc;
}
176 | |
/*
 * Releases everything 'c' owns (fallback string, MLS category bitmaps)
 * and resets all fields to zero/NULL, leaving 'c' safe to reuse.
 */
static inline void context_destroy(struct context *c)
{
	kfree(c->str);
	c->str = NULL;
	c->len = 0;

	c->user = 0;
	c->role = 0;
	c->type = 0;

	mls_context_destroy(c);
}
185 | |
/*
 * Returns 1 when 'c1' and 'c2' are equal, else 0.
 *
 * If both carry an unmapped string (len != 0) they are compared by that
 * string only; a string-bearing context never equals a mapped one; two
 * mapped contexts compare by user/role/type and the MLS range. Relies on
 * str being non-NULL whenever len != 0 (as context_cpy() maintains).
 */
static inline int context_cmp(const struct context *c1, const struct context *c2)
{
	if (c1->len && c2->len) {
		if (c1->len != c2->len)
			return 0;
		return !strcmp(c1->str, c2->str);
	}
	if (c1->len || c2->len)
		return 0;

	if (c1->user != c2->user || c1->role != c2->role || c1->type != c2->type)
		return 0;
	return mls_context_cmp(c1, c2);
}
197 | |
/* Computes a hash over the attributes of 'c'; implemented outside this header. */
u32 context_compute_hash(const struct context *c);
199 | |
200 | #endif /* _SS_CONTEXT_H_ */ |
201 | |
202 | |